WLAN Security Blues

As the SoBig virus continues to rip through the Internet, security firms are highlighting the ways that viruses could also be wirelessly transferred over 802.11 networks, many of which are still wide open to hacking and other malicious attacks.

Pontus Bergdahl, the CEO of wireless VPN startup Columbitech AB, warns that as 802.11 begins to come standard on many new laptops and as new -- and often insecure -- wireless LAN hotspots spring up left, right, and center, WLAN users could be more open to viruses than they realize.

802.11-equipped laptops, which automatically scan for wireless networks, could connect to "open, unprotected access points" in major cities, such as New York, where there are large numbers of free hotspots dotted around town. "You may not even know about it," says Bergdahl.

Bergdahl says that users should implement a personal firewall and anti-virus program on their laptop to protect against any unpleasantness. Steve Fallin, director of VPN firm WatchGuard Technologies Inc.'s (Nasdaq: WGRD) rapid response team, concurs with this advice; however, he also notes that even business network managers are still failing to implement the most basic wireless LAN security available to them.

Fallin says that Watchguard recently grabbed a network sniffing program and took a ride in Seattle's business district. "We found dozens of insecure networks," Fallin says. Law firms, engineering firms, and others all had 802.11 networks that were open to the world and vulnerable to viruses and other malicious attacks.

Yet security researchers and firms have for a couple of years now been warning that 802.11 -- in its current format -- is fundamentally insecure (see WLAN: The Four S's for the technical nitty-gritty). However, Fallin says that many users have yet to catch on and are unlikely to want to talk about it if they do get caught out.

"It's a dirty little secret," he says.

— Dan Jones, Senior Editor, Unstrung
MeshKing 12/4/2012 | 11:31:20 PM
re: WLAN Security Blues Wouldn't at least 128AES be the standard, at least for DOD and other wireless applications?
Sign In